[Dean's World] Scott Kirwin: Ebay Scam: The Trickiest Spoof I've Seen

notify at powerblogs.com notify at powerblogs.com
Thu Feb 8 12:00:20 EST 2007 

Posted by Scott Kirwin:
Ebay Scam: The Trickiest Spoof I've Seen
http://www.deanesmay.com/posts/1170953062.shtml


   I am a regular buyer and seller on Ebay. Consequently I also receive a
   ton of scam and spoof emails pretending to be from Ebay or it's
   subsidiary, Paypal. However, this is the most sophisticated spoof I've
   received: [ebay_spoof.png]

   Note that the Item number is correct, and I am currently selling it.
   Ignore the faded out button, I'm running a utility and the SnagIt
   capture also caught that.

   So how do I know that it's fake?

   When I hover the mouse over either the item# or the respond button, I
   see this in the status bar at the bottom of my Firefox browser:
   [ebay_spoof-2.png]

   ow I don't trust anything I get from anybody these days. When I
   receive an email, I immediately assume it's bogus, a scam, or spam.
   Unfortunately, that's because most of the email I receive fits one of
   those categories.

   I've received spoof emails before claiming to be from buyers, along
   the lines of "I didn't receive the shaver you sent last month blah
   blah blah," when I know exactly what I sold - or bought. But this
   method of spoofing is the trickiest I've seen so far because it
   directly pulls data from a current listing - one that didn't even
   exist 4 days ago.

   I've forwarded it to Ebay, so I'm sure they will spare no expense to
   track the culprits down.

   I loved the New Jersey bit, especially since I make it clear that I
   ship worldwide. I've always thought New Jersey was on another
   planet...

   Note that the URL redirects to the Ocean University of China. However
   I noticed that the URL on the sender ID appears to be a legit Ebay
   URL. Given the Chinese government runs one of the most effective
   "black hat" hacking operations in the world, I'm less surprised in the
   apparent sophistication of this scam.

   This isn't the first runin I've had with Chinese hackers. Back in May
   2001, weeks after one of our spy planes bumped up against a Chinese
   fighter and took it out, I discovered that one of the American Medical
   Association's servers had been compromised. It contained a nice little
   anti-US screed with the headline "F*** the Hegemon Bush", which we all
   know later became the battle-cry of DNC under the chairmanship of
   Howard Dean... Yes more sarcasm. I'm full of it today...

More information about the Deanesmay mailing list